https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110869#M20932 <P>HI,</P><P>&nbsp;</P><P>thanks for your reply, could you please share me the forum link. also is this possible for us to track change management of rule bases using ansible and to check disable rules and expired rules and going to expire rules. im looking for a replacement for "Tufin"</P> Tue, 16 Feb 2021 07:49:32 GMT Ram1 2021-02-16T07:49:32Z https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110828#M20928 <P>Hi Team,</P><P>&nbsp;</P><P>&nbsp;</P><P>Is there any open source tool which is very good on policy and change management for checkpoint Firewall. To replace tufin, is there any open aousou tool like tufin. If yes please let me know...also can we automate firewall policy and change management using ansible...any other options would be very helpful.</P><P>&nbsp;</P><P>Thanks in advance!</P> Mon, 15 Feb 2021 16:57:52 GMT https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110828#M20928 Ram1 2021-02-15T16:57:52Z https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110836#M20929 <P>We have an Ansible module to manage policy and objects, yes.<BR />In fact, we have a specific forum on CheckMates for Ansible-related queries.</P> Mon, 15 Feb 2021 18:16:05 GMT https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110836#M20929 PhoneBoy 2021-02-15T18:16:05Z https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110869#M20932 <P>HI,</P><P>&nbsp;</P><P>thanks for your reply, could you please share me the forum link. also is this possible for us to track change management of rule bases using ansible and to check disable rules and expired rules and going to expire rules. im looking for a replacement for "Tufin"</P> Tue, 16 Feb 2021 07:49:32 GMT https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110869#M20932 Ram1 2021-02-16T07:49:32Z https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110948#M20937 <P>It's under Products &gt; Developers:&nbsp;<A href="https://community.checkpoint.com/t5/Ansible/bd-p/ansible" target="_blank">https://community.checkpoint.com/t5/Ansible/bd-p/ansible</A>&nbsp;<BR />Ansible itself does not provide this functionality, but if all rulebases/objects are built using Ansible and you use something like Git to track changes to the playbooks, you, by default have a way to track this stuff.<BR />This will only help you with new rulebases/objects created with Ansible, not existing rulebases/objects.</P> <P>There is no specific APIs for tracking disabled or expired rules.<BR />You can query the rules and find them, but that has to be done outside of Ansible using the API.&nbsp;</P> <P>Bottom line: Ansible itself will NOT replace Tufin.<BR />You can use it to potentially build your own replacement, but a lot of assembly will be required.<BR />If you're just looking to track configuration changes, there are SmartConsole Extensions that assist with this (requires R80.30 and above):&nbsp;<A href="https://community.checkpoint.com/t5/SmartConsole-Extensions/Change-Report/m-p/87322" target="_blank">https://community.checkpoint.com/t5/SmartConsole-Extensions/Change-Report/m-p/87322</A><BR />It won't be as full-featured as Tufin, of course, which has a lot of additional functionality.</P> Tue, 16 Feb 2021 18:31:41 GMT https://community.checkpoint.com/t5/General-Topics/Open-source-tool-for-firewall-policy-and-Change-management/m-p/110948#M20937 PhoneBoy 2021-02-16T18:31:41Z